From owner-freebsd-bugs  Sat Feb  7 23:20:02 1998
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA12834
          for freebsd-bugs-outgoing; Sat, 7 Feb 1998 23:20:02 -0800 (PST)
          (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: (from gnats@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA12816;
          Sat, 7 Feb 1998 23:20:01 -0800 (PST)
          (envelope-from gnats)
Date: Sat, 7 Feb 1998 23:20:01 -0800 (PST)
Message-Id: <199802080720.XAA12816@hub.freebsd.org>
To: freebsd-bugs
Cc: 
From: Bruce Evans <bde@zeta.org.au>
Subject: Re: bin/5679: ftp does not understand 'site' correctly
Reply-To: Bruce Evans <bde@zeta.org.au>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/5679; it has been noted by GNATS.

From: Bruce Evans <bde@zeta.org.au>
To: freebsd-gnats-submit@FreeBSD.ORG, mzaki@e-mail.ne.jp
Cc:  Subject: Re: bin/5679: ftp does not understand 'site' correctly
Date: Sun, 8 Feb 1998 18:10:46 +1100

 >>Fix:
 >--- /usr/src/usr.bin/ftp/cmds.c Fri Feb  6 02:32:24 1998
 >+++ cmds.c	Wed Jan 28 03:42:11 1998
 >@@ -1460,7 +1460,7 @@
 >                for (i = 2; i < argc && len < sizeof(buf); i++) {
                                                           ^ add ` - 1'
 >                        buf[len++] = ' ';
 >                        len += strlen(strncpy(&buf[len], argv[i],
 >-                           sizeof(buf) - len) - 1);
 >+                           sizeof(buf) - len - 1));
 >                }
 >        }
 >        if (command(buf) == PRELIM) {
 
 The bounds checking is broken too.  When len is initially sizeof(buf) - 1,
 the size passed to strncpy() is (size_t)-1 (essentially infinity).
 
 Bruce

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message